This blog was coauthored by Bria Grangard and Justin Buchanan.
Every business is becoming a software business, and web applications are critical for their success. Because of this, web apps are often a primary target for many attackers. In fact, according to a recent Forrester report, web apps and software vulnerabilities have become the top two ways external attackers gain access to company networks.
Today we are tasked with securing multiple layers of an application, including infrastructure configuration, compute instances, containers, and the web application itself. As a business, we rely on each of these layers to function as one cohesive application. However, it’s important we recognize that each new layer presents a new opportunity for a security breach. As application exploitation continues to increasingly become the focus of attackers, security and development teams need to find more integrated approaches to both application and infrastructure security.
A holistic approach across teams and technology
Rapid7 has a long history of empowering security and IT teams to overcome the political barriers that keep these teams siloed and enabling them to get the work done of reducing risk.
Our customers tell us, that this has helped them “reduce the manual effort to investigate as well as remediate vulnerabilities by 33%”*—just saying.
As our modern teams—and the technology we support—have evolved, Rapid7 continues to pioneer extending the security team’s influence beyond the traditional IT operations team to additional stakeholders including development and DevOps teams.
Rapid7’s Insight cloud provides a wide range of technologies for securing all of the intertwined layers of your web apps. The Insight cloud provides an industry-leading DAST solution, Next-Gen WAF & RASP technology, Vulnerability Risk Management, Cloud Configuration Assessment, and Container Assessment—making securing the end-to-end life cycle of your apps easy. With the goal of continuously helping our customers identify risks we also leverage the findings of our global Metasploit Community and threat research which leads the way in providing actionable insights for reducing risk.
Partners in accelerating application security
The central challenge we find with teams partnering to secure applications is communicating risk and vulnerabilities in clear and actionable ways. We’ve focused on adding capabilities to help articulate and validate risk in ways that allow teams to move quickly. To further our commitment to extend the influence of security teams into development, Rapid7 is excited to announce our partnership with leading developer-first security provider Snyk. Together, we are teaming up to deliver a comprehensive approach to modern application security that will help developers secure applications and infrastructure at scale early in the development process with the ability to find and fix vulnerabilities in open source components and container images, while continuing to provide improved methods for scanning, testing, monitoring, and protecting applications.
What could this look like? Well, by adding the Snyk vulnerability database to the Rapid7 Insight cloud, you’d be able to better analyze vulnerabilities across the application security lifecycle. Rapid7 and Snyk would give security and risk management leaders a simple and powerful way to control risk in containers and open source components in web applications. Concise remediation instructions that can be submitted as a GitHub pull request in one click would give security analysts confidence and developers a dynamic way to fix identified vulnerabilities before they become a serious problem.
Shared ownership means better remediation
Security teams are adapting and finding ways to integrate with development teams, sharing ownership of security across both teams. This ability to work together more fluidly helps both teams achieve security goals earlier in the process and faster overall.
Existing Rapid7 customers who are interested in learning more about the Rapid7 and Snyk partnership can sign up for the waitlist here. If you are interested in becoming a Rapid7 customer, sign up for a free trial of the Insight cloud to experience how Rapid7 is uniting development, IT, and security teams to advance cloud-native apps.
*Source: The Total Economic Impact™ Of Rapid7 InsightVM, a November 2019 commissioned study conducted by Forrester Consulting on behalf of Rapid7.